hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Gent <chris.g...@bigdatapartnership.com>
Subject Re: doAs with HBase Java API and Apache Ranger
Date Fri, 18 Dec 2015 17:24:00 GMT
Hey Ted,

Yeah - they suggested asking over here :-)

I think the question is where the user context is set/comes from when using
the HBase API. It was suggested that it comes when the Table object gets
created? Or is it right back when the connection is established?

--
Chris



On 18 December 2015 at 17:18, Ted Yu <yuzhihong@gmail.com> wrote:

> Have you polled Ranger community with this question ?
>
> http://ranger.apache.org/mail-lists.html
>
> Cheers
>
> On Fri, Dec 18, 2015 at 9:04 AM, Chris Gent <
> chris.gent@bigdatapartnership.com> wrote:
>
> > Hi,
> >
> > We have a webservice that performs reads/writes on HBase tables and have
> a
> > requirement to authorize and audit table/column family access using
> Ranger.
> >
> > I've configured the reads/writes to be performed under doAs to try to
> make
> > this happen but the requests end up being authorized and audit logged as
> > the service user rather than the requestor.
> >
> >
> > A snippet of the application code looks like this (doAsUser is the end
> > user's username):
> >
> >
> > UserGroupInformation ugi = UserGroupInformation.createProxyUser(doAsUser,
> > UserGroupInformation.getLoginUser());
> >
> > try {
> >       ugi.doAs(new PriviledgedExceptionAction<Void>() {
> >           @Override
> >           public Void run() throws Exception {
> >                 LOGGER.info("HBase put as user " +
> ugi.getShortUserName());
> >                 table.put(put);
> >                 return null;
> >           }
> >     });
> >
> >
> > Has anyone got experience with the HBase Ranger plugin and/or come across
> > this problem before and know the best way to solve it?
> >
> > For reference this is all running with HDP 2.3.2.
> >
> > Thanks in advance!
> >
> > --
> > Chris
> >
> > --
> >
> >
> > *NOTICE AND DISCLAIMER*
> >
> > This email (including attachments) is confidential. If you are not the
> > intended recipient, notify the sender immediately, delete this email from
> > your system and do not disclose or use for any purpose.
> >
> > Business Address: Eagle House, 163 City Road, London, EC1V 1NR. United
> > Kingdom
> > Registered Office: Finsgate, 5-7 Cranwood Street, London, EC1V 9EE.
> United
> > Kingdom
> > Big Data Partnership Limited is a company registered in England & Wales
> > with Company No 7904824
> >
>



-- 
*Christopher Gent*

*Managing Consultant*
Big Data Partnership
M: 07795 210205
E: chris.gent@bigdatapartnership.com

*NOTICE AND DISCLAIMER*

This email (including attachments) is confidential. If you are not the
intended recipient, notify the sender immediately, delete this email from
your system and do not disclose or use for any purpose.

Business Address: Eagle House, 163 City Road, London, EC1V 1NR. United
Kingdom
Registered Office: Finsgate, 5-7 Cranwood Street, London, EC1V 9EE. United
Kingdom
Big Data Partnership Limited is a company registered in England & Wales
with Company No 7904824

-- 
 

*NOTICE AND DISCLAIMER*

This email (including attachments) is confidential. If you are not the 
intended recipient, notify the sender immediately, delete this email from 
your system and do not disclose or use for any purpose.

Business Address: Eagle House, 163 City Road, London, EC1V 1NR. United 
Kingdom
Registered Office: Finsgate, 5-7 Cranwood Street, London, EC1V 9EE. United 
Kingdom
Big Data Partnership Limited is a company registered in England & Wales 
with Company No 7904824

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message